Skip to content
This repository has been archived by the owner on Jul 13, 2023. It is now read-only.

Commit

Permalink
feat: Add iam_binding field to findings attributes. It represents par…
Browse files Browse the repository at this point in the history
…ticular IAM bindings, which captures a member's role addition, removal, or state (#474)

* feat: Add iam_binding field to findings attributes. It represents particular IAM bindings, which captures a member's role addition, removal, or state

PiperOrigin-RevId: 439976914

Source-Link: googleapis/googleapis@f83787e

Source-Link: https://github.com/googleapis/googleapis-gen/commit/a4e583e31dda27c647f4865794349b3130c776bd
Copy-Tag: eyJwIjoiLmdpdGh1Yi8uT3dsQm90LnlhbWwiLCJoIjoiYTRlNTgzZTMxZGRhMjdjNjQ3ZjQ4NjU3OTQzNDliMzEzMGM3NzZiZCJ9

* 🦉 Updates from OwlBot post-processor

See https://github.com/googleapis/repo-automation-bots/blob/main/packages/owl-bot/README.md

Co-authored-by: Owl Bot <gcf-owl-bot[bot]@users.noreply.github.com>
  • Loading branch information
gcf-owl-bot[bot] and gcf-owl-bot[bot] authored Apr 7, 2022
1 parent 051bf4a commit b29893c
Show file tree
Hide file tree
Showing 15 changed files with 678 additions and 149 deletions.
2 changes: 1 addition & 1 deletion protos/google/cloud/securitycenter/v1/access.proto
Original file line number Diff line number Diff line change
Expand Up @@ -16,11 +16,11 @@ syntax = "proto3";

package google.cloud.securitycenter.v1;

option csharp_namespace = "Google.Cloud.SecurityCenter.V1";
option go_package = "google.golang.org/genproto/googleapis/cloud/securitycenter/v1;securitycenter";
option java_multiple_files = true;
option java_outer_classname = "AccessProto";
option java_package = "com.google.cloud.securitycenter.v1";
option csharp_namespace = "Google.Cloud.SecurityCenter.V1";
option php_namespace = "Google\\Cloud\\SecurityCenter\\V1";
option ruby_package = "Google::Cloud::SecurityCenter::V1";

Expand Down
16 changes: 7 additions & 9 deletions protos/google/cloud/securitycenter/v1/bigquery_export.proto
Original file line number Diff line number Diff line change
Expand Up @@ -81,21 +81,19 @@ message BigQueryExport {
// Output only. The time at which the big query export was created.
// This field is set by the server and will be ignored if provided on export
// on creation.
google.protobuf.Timestamp create_time = 5
[(google.api.field_behavior) = OUTPUT_ONLY];
google.protobuf.Timestamp create_time = 5 [(google.api.field_behavior) = OUTPUT_ONLY];

// Output only. The most recent time at which the big export was updated.
// This field is set by the server and will be ignored if provided on export
// creation or update.
google.protobuf.Timestamp update_time = 6
[(google.api.field_behavior) = OUTPUT_ONLY];
google.protobuf.Timestamp update_time = 6 [(google.api.field_behavior) = OUTPUT_ONLY];

// Output only. Email address of the user who last edited the big query
// export. This field is set by the server and will be ignored if provided on
// export creation or update.
// Output only. Email address of the user who last edited the big query export.
// This field is set by the server and will be ignored if provided on export
// creation or update.
string most_recent_editor = 7 [(google.api.field_behavior) = OUTPUT_ONLY];

// Output only. The service account that needs permission to create table,
// upload data to the big query dataset.
// Output only. The service account that needs permission to create table, upload data to
// the big query dataset.
string principal = 8 [(google.api.field_behavior) = OUTPUT_ONLY];
}
3 changes: 2 additions & 1 deletion protos/google/cloud/securitycenter/v1/external_system.proto
Original file line number Diff line number Diff line change
Expand Up @@ -37,7 +37,8 @@ message ExternalSystem {
};

// External System Name e.g. jira, demisto, etc.
// e.g.: `organizations/1234/sources/5678/findings/123456/externalSystems/jira`
// e.g.:
// `organizations/1234/sources/5678/findings/123456/externalSystems/jira`
// `folders/1234/sources/5678/findings/123456/externalSystems/jira`
// `projects/1234/sources/5678/findings/123456/externalSystems/jira`
string name = 1;
Expand Down
18 changes: 10 additions & 8 deletions protos/google/cloud/securitycenter/v1/finding.proto
Original file line number Diff line number Diff line change
Expand Up @@ -20,6 +20,7 @@ import "google/api/field_behavior.proto";
import "google/api/resource.proto";
import "google/cloud/securitycenter/v1/access.proto";
import "google/cloud/securitycenter/v1/external_system.proto";
import "google/cloud/securitycenter/v1/iam_binding.proto";
import "google/cloud/securitycenter/v1/indicator.proto";
import "google/cloud/securitycenter/v1/mitre_attack.proto";
import "google/cloud/securitycenter/v1/security_marks.proto";
Expand Down Expand Up @@ -110,7 +111,7 @@ message Finding {
MEDIUM = 3;

// Vulnerability:
// A low risk vulnerability hampers a security organizations ability to
// A low risk vulnerability hampers a security organization's ability to
// detect vulnerabilities or active threats in their deployment, or prevents
// the root cause investigation of security issues. An example is monitoring
// and logs being disabled for resource configurations and access.
Expand Down Expand Up @@ -228,7 +229,7 @@ message Finding {
// finding.
string canonical_name = 14;

// Indicates the mute state of a finding (either unspecified, muted, unmuted
// Indicates the mute state of a finding (either muted, unmuted
// or undefined). Unlike other attributes of a finding, a finding provider
// shouldn't set the value of mute.
Mute mute = 15;
Expand All @@ -249,13 +250,11 @@ message Finding {
Vulnerability vulnerability = 20;

// Output only. The most recent time this finding was muted or unmuted.
google.protobuf.Timestamp mute_update_time = 21
[(google.api.field_behavior) = OUTPUT_ONLY];
google.protobuf.Timestamp mute_update_time = 21 [(google.api.field_behavior) = OUTPUT_ONLY];

// Output only. Third party SIEM/SOAR fields within SCC, contains external
// system information and external system finding fields.
map<string, ExternalSystem> external_systems = 22
[(google.api.field_behavior) = OUTPUT_ONLY];
// Output only. Third party SIEM/SOAR fields within SCC, contains external system
// information and external system finding fields.
map<string, ExternalSystem> external_systems = 22 [(google.api.field_behavior) = OUTPUT_ONLY];

// MITRE ATT&CK tactics and techniques related to this finding.
// See: https://attack.mitre.org
Expand All @@ -270,4 +269,7 @@ message Finding {
// finding, etc. Unlike other attributes of a finding, a finding provider
// shouldn't set the value of mute.
string mute_initiator = 28;

// Represents IAM bindings associated with the Finding.
repeated IamBinding iam_bindings = 39;
}
52 changes: 52 additions & 0 deletions protos/google/cloud/securitycenter/v1/iam_binding.proto
Original file line number Diff line number Diff line change
@@ -0,0 +1,52 @@
// Copyright 2022 Google LLC
//
// Licensed under the Apache License, Version 2.0 (the "License");
// you may not use this file except in compliance with the License.
// You may obtain a copy of the License at
//
// http://www.apache.org/licenses/LICENSE-2.0
//
// Unless required by applicable law or agreed to in writing, software
// distributed under the License is distributed on an "AS IS" BASIS,
// WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
// See the License for the specific language governing permissions and
// limitations under the License.

syntax = "proto3";

package google.cloud.securitycenter.v1;

option csharp_namespace = "Google.Cloud.SecurityCenter.V1";
option go_package = "google.golang.org/genproto/googleapis/cloud/securitycenter/v1;securitycenter";
option java_multiple_files = true;
option java_outer_classname = "IamBindingProto";
option java_package = "com.google.cloud.securitycenter.v1";
option php_namespace = "Google\\Cloud\\SecurityCenter\\V1";
option ruby_package = "Google::Cloud::SecurityCenter::V1";

// Represents a particular IAM binding, which captures a member's role addition,
// removal, or state.
message IamBinding {
// The type of action performed on a Binding in a policy.
enum Action {
// Unspecified.
ACTION_UNSPECIFIED = 0;

// Addition of a Binding.
ADD = 1;

// Removal of a Binding.
REMOVE = 2;
}

// The action that was performed on a Binding.
Action action = 1;

// Role that is assigned to "members".
// For example, "roles/viewer", "roles/editor", or "roles/owner".
string role = 2;

// A single identity requesting access for a Cloud Platform resource,
// e.g. "[email protected]".
string member = 3;
}
3 changes: 1 addition & 2 deletions protos/google/cloud/securitycenter/v1/indicator.proto
Original file line number Diff line number Diff line change
Expand Up @@ -16,15 +16,14 @@ syntax = "proto3";

package google.cloud.securitycenter.v1;

option csharp_namespace = "Google.Cloud.SecurityCenter.V1";
option go_package = "google.golang.org/genproto/googleapis/cloud/securitycenter/v1;securitycenter";
option java_multiple_files = true;
option java_outer_classname = "IndicatorProto";
option java_package = "com.google.cloud.securitycenter.v1";
option csharp_namespace = "Google.Cloud.SecurityCenter.V1";
option php_namespace = "Google\\Cloud\\SecurityCenter\\V1";
option ruby_package = "Google::Cloud::SecurityCenter::V1";


// Represents what's commonly known as an Indicator of compromise (IoC) in
// computer forensics. This is an artifact observed on a network or in an
// operating system that, with high confidence, indicates a computer intrusion.
Expand Down
4 changes: 4 additions & 0 deletions protos/google/cloud/securitycenter/v1/mitre_attack.proto
Original file line number Diff line number Diff line change
Expand Up @@ -78,6 +78,7 @@ message MitreAttack {

// MITRE ATT&CK techniques that can be referenced by SCC findings.
// See: https://attack.mitre.org/techniques/enterprise/
// Next ID: 30
enum Technique {
// Unspecified value.
TECHNIQUE_UNSPECIFIED = 0;
Expand Down Expand Up @@ -165,6 +166,9 @@ message MitreAttack {

// T1556
MODIFY_AUTHENTICATION_PROCESS = 28;

// T1485
DATA_DESTRUCTION = 29;
}

// The MITRE ATT&CK tactic most closely represented by this finding, if any.
Expand Down
14 changes: 7 additions & 7 deletions protos/google/cloud/securitycenter/v1/resource.proto
Original file line number Diff line number Diff line change
Expand Up @@ -33,10 +33,16 @@ message Resource {
// https://cloud.google.com/apis/design/resource_names#full_resource_name
string name = 1;

// The human readable name of the resource.
string display_name = 8;

// The full resource type of the resource.
string type = 6;

// The full resource name of project that the resource belongs to.
string project = 2;

// The project id that the resource belongs to.
// The project ID that the resource belongs to.
string project_display_name = 3;

// The full resource name of resource's parent.
Expand All @@ -45,14 +51,8 @@ message Resource {
// The human readable name of resource's parent.
string parent_display_name = 5;

// The full resource type of the resource.
string type = 6;

// Output only. Contains a Folder message for each folder in the assets ancestry.
// The first folder is the deepest nested folder, and the last folder is the
// folder directly under the Organization.
repeated Folder folders = 7 [(google.api.field_behavior) = OUTPUT_ONLY];

// The human readable name of the resource.
string display_name = 8;
}
Original file line number Diff line number Diff line change
Expand Up @@ -1574,10 +1574,16 @@ message ListFindingsResponse {
// https://cloud.google.com/apis/design/resource_names#full_resource_name
string name = 1;

// The human readable name of the resource.
string display_name = 8;

// The full resource type of the resource.
string type = 6;

// The full resource name of project that the resource belongs to.
string project_name = 2;

// The project id that the resource belongs to.
// The project ID that the resource belongs to.
string project_display_name = 3;

// The full resource name of resource's parent.
Expand All @@ -1586,16 +1592,10 @@ message ListFindingsResponse {
// The human readable name of resource's parent.
string parent_display_name = 5;

// The full resource type of the resource.
string type = 6;

// Contains a Folder message for each folder in the assets ancestry.
// The first folder is the deepest nested folder, and the last folder is
// the folder directly under the Organization.
repeated Folder folders = 7;

// The human readable name of the resource.
string display_name = 8;
}

// Finding matching the search request.
Expand Down Expand Up @@ -1765,7 +1765,7 @@ message UpdateSecurityMarksRequest {
// The time at which the updated SecurityMarks take effect.
// If not set uses current server time. Updates will be applied to the
// SecurityMarks that are active immediately preceding this time. Must be
// smaller or equal to the server time.
// earlier or equal to the server time.
google.protobuf.Timestamp start_time = 3;
}

Expand Down
Loading

0 comments on commit b29893c

Please sign in to comment.